Data Center Security: How Cloud Services Keep Your Files Safe

By James Crace— Last Updated: 20 Jul'172017-07-07T06:22:57+00:00

Cloud technology has changed the way we use computers, moving our software and data to the cloud instead of being installed on our own devices. We worry less about our files knowing they are stored safely in a data center, encrypted and secure, spread across multiple drives for redundancy.

But what about the data centers themselves? Many people are concerned about privacy ever since Edward Snowden lifted the veil on NSA spying, let alone the threat of cybercrime, so how are cloud services protecting your data?

Data Centers

To answer that question, let’s first take a look at what data centers are. You probably imagine a room full of computers and though that’s not incorrect, it’s likely a little different than you might imagine.

That’s one of Google’s many data centers. The company is very transparent when it comes to their data centers, revealing as much as they can without compromising security. They have such centers across the world to both ensure redundancy in the case of an outage and also to provide reliable connections to users irrespective of geographical location.

A data center is a centralized location for IT infrastructure, whether privately owned, for a company’s internal IT needs, or whether it provides public services and infrastructure, such as Amazon’s Web Services. As you can imagine, centralizing all this equipment is risky without the proper precautions.

Data centers typically require at least the following to keep data safe:

Environmental controls: these are necessary to keep equipment cool, since a room full of high-powered technology generates an incredible amount of heat. Excess heat can lead to equipment failures and shorten the lifespan of server components.

Uninterruptible Power Supplies (UPS): in the event of a power outage, servers and other equipment must keep running to meet the data center’s SLA, or service-level agreement. UPS units and backup generators can keep servers running until power is restored.

Security systems: to ensure the security and privacy of customers, data centers employ a wide range of security measures to prevent unauthorized access, including biometric access measures, locked server cages, surveillance systems, multiple forms of identification and some go so far as using “mantraps” — a small room that connects an unsecured area to the secure data center.

Though those first two are worthy of their own respective articles, let us focus on security for now.

Data Center Security Measures

Though compiling a full list is practically impossible, these are the most common security measures you can find in any given secure data center.

Surveillance Systems

One of the first lines of defense in any security plan is adequate surveillance. For starters, cameras installed around the perimeter of a data center are used to watch for suspicious activity. Inside, video surveillance acts as a record in the event of a security incident, while metal detectors ensure that hardware is not snuck into or out of the facility.

Security Guards

Most data centers will employ security guards inside the facility, but some such as Google and Apple have security guards that routinely patrol both the interior and exterior of their facilities.

Though it is unlikely that anyone will try and take a data center by storm, some companies arm their guards, further securing the premises.

Building Design

Data centers are typically one of two styles depending on function and the needed security: single-purpose, or multipurpose. Multipurpose data centers are less secure, as they have other employees on site besides those responsible for the data center itself. They may contain adjacent offices for the business and aren’t usually used for sensitive data or infrastructure.

Secure data centers are built strictly for the purpose of housing IT infrastructure and are designed accordingly. Typically they are removed from the road, keeping a buffer zone around the site, including crash-proof barriers and security patrols.

Most do not have exterior windows and if they do they are typically made of bulletproof glass. Fire exits open strictly to the outside and there are a limited number of entry points, usually a front entrance and a loading area.

The interior is designed to separate the main data center area from any other rooms, such as a break room, entrance lobby or restrooms. Security increases the closer you get to the heart of the data center, requiring multiple forms of identification or access control.

Access Control

Only authorized personnel should be allowed in these secured areas, where the servers, routers and other equipment live. To prevent unauthorized individuals from waltzing in and out with customer data or installing malicious hardware, data centers employ a wide array of access controls throughout a data center.

Google, for example, uses custom-designed electronic access cards and the closer you get to the data center floor the more sophisticated the authorization protocols get. The heart of the data center is only accessible via a security corridor that uses multifactor access control with badges and biometrics, with less than one percent of Google employees ever stepping foot inside the data center.

Mantraps are often employed to limit access to authorized individuals and prevent criminals from tailgating, the practice of following someone closely to gain unauthorized entry to a secure area. Typically, a mantrap is a set of two doors with an airlock in the middle.

Both doors of a mantrap require authentication, such as a biometric lock or keycard, and only one door can open at a time. The area is kept under surveillance so that guards can identify any issues or stop someone from proceeding further.

Scales are used to measure visitors, and are sensitive enough to weigh someone and determine if someone leaving is heavier than they were upon entering, indicating they might be sneaking out stolen hardware. If the scale detects a difference, the door refuses to open and requires a security guard to bypass the locking mechanism.

For sensitive servers and equipment, separate rooms and cages or cabinets are used to segregate sensitive equipment from non-sensitive servers. Companies such as Iron Mountain allow customers to request CCTV cameras in the cage as well as custom fencing materials and other features, if needed.

This is just a few of the many countermeasures employed by data centers. Google goes so far as to build their own custom servers from the ground up, removing unnecessary hardware or features to reduce the attack surface. No one else has the servers that Google uses.

Other data centers may employ similar custom solutions, and don’t disclose other security systems or countermeasures they employ to reduce the possibility of compromise. Security is, after all, serious business.

Conclusion

Hacking, malware and spyware are the obvious threats to your data, but few people stop to think of the physical aspect of IT security. Data centers take security to a whole new level. They are costly businesses to run and their entire purpose is to keep IT infrastructure up and running 24/7, secured from any and all possible threats.

Sign up for our newsletter to get the latest on new releases and more.

Now that you know the measures companies take to protect their servers, you can worry a little less about storing data in the cloud. The biggest weak spot in cloud computing is user error, so take some time to learn how to create a strong password and learn how to encrypt your data, including texts and emails.

Thank you for reading and please let us know your thoughts in the comments below.